CVE-2025-1561

Summary

CVE-2025-1561 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the AppPresser – Mobile App Framework plugin for WordPress. Versions up to and including 4.4.10 are vulnerable due to insufficient input sanitization and output escaping of the 'title' parameter. Unauthenticated attackers can exploit this weakness by injecting arbitrary web scripts that execute when logging is enabled and a user accesses an injected page. This vulnerability poses a serious threat as it allows attackers to gain unauthorized access to user data and potentially take control of affected websites. WordPress users are advised to update the AppPresser plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.